Active directory Attribute

This may also help

$OUs = 'OU ONE DN', 'OU TWO DN'
$(ForEach ($OU in $OUs) { Get-aduser -filter * -SearchBase $OU -Properties samaccountName, enabled, GivenName, SN, mail | Select-Object samaccountName, enabled, GivenName, SN, mail }) | Export-csv C:\Data\UserData.csv -nti

Select allOpen in new window

@MilesLogan

I like seeing an alt method.

Hi,
Please can you modify the script because when I run the script; In the output file, I see the following fields
Name,Enabled,GivenName,sn,mail

But I need to display in the output file the following fields:
 "Account","Enabled","First Name","Last Name","Mail"

Please I am waiting your help.

Not sure what you are referencing for the Account Attribute?

Hi,
when I run the script; In the output file, I need to see the following fields in display name (first line)

 "Account","Enabled","First Name","Last Name","Mail"

Best regards

OK, but what value do you want to populate the Account column.

Please I need to add the name of Domain controller on the folowing path

$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')

Bes regards;

You cannot get that attribute from the users attribute that are available.  If you mean the OU that holds the user or the full distinguished name (DN).  Here are both options.

Account = Distinguish Name

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail,DistinguishedName | Select @{n="Account";e={($_.DistinguishedName).ToLower()}},@{n="Disabled";e={($_.enabled)}},@{n="First Name";e={($_.GivenName)}},@{n="Last Name";e={($_.sn)}},@{n="EmailAddress";e={($_.mail).ToLower()}} 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Select allOpen in new window

Here is the user's OU for the account column

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail,DistinguishedName | Select @{n="Account";e={$User.DistinguishedName.Substring($User.DistinguishedName.IndexOf(",OU=")+1)}},@{n="Disabled";e={($_.enabled)}},@{n="First Name";e={($_.GivenName)}},@{n="Last Name";e={($_.sn)}},@{n="EmailAddress";e={($_.mail).ToLower()}} 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Select allOpen in new window

I want search the users from the two OUs  from the same DC server;
Where I can add the DC server in the code?????

Do you have multiple domains in your environment?  If not it does not matter what DC you get the information from.
This attribute is not stored in the user's list of attributes.

I have One domain but I have some DC (Controller domain) for that I want to specify the DC server name

Following up to see if my last comment made sense?

thx

Thanks for accepting my suggestion, but I am still curious on why you need the server.  By you adding the -Server switch it is implicated applied that it is coming from that server.   So if that is the case you can populate the table with a static value of <DC01>.  

It does not make sense to me the importance of this info.

Because we have some DCs in the world and I need to define two DCs (for example DCs of London city) when I run the script In office of London.
But I don't Know how can I add two DCs in the script?

Thx

But is you have a single domain all your locations should have the same data.  If you have your Sites and Services setup properly for the different subnets then that would be the DC the clients are talking to. If you leave Sites and Services as the default and all your DC's are talking to all subnets then it is a round-robin to which DC the client is talking to.  

It sounds like you have a domain that is disjointed and not properly configured if you need to speak to a specific DC.  

So you are saying that LondonDC01 has different data that USADC01, but has the same OU's ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local ?

Here is a link that may help explain it better than me.
https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/

Yes I agree
 Thx very much for your help

You agree with what?
It seems to me that you might not fully understand how Active Directory works and is configured.  I am trying to understand your needs for the specific DC and if it is because the data is not the same at each DC then like I said you have a bigger problem on your hands.

Hi,

When I run the script on server 2008 R2;

I have the message error:

Error: Exception calling "LoadFile" with "1" argument(s): "This assembly is built by a runtime newer than the currently
loaded runtime and cannot be loaded. (Exception from HRESULT: 0x8013101B)"

Do you have RSAT installed with Active Directory Powershell Module?
https://4sysops.com/archives/how-to-install-the-powershell-active-directory-module/

Ok thx,

But I have another error in the output file :

é=?
à=?

What is the resolution please

Can you post your script and out as it should up on your screen?

the same script

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
@{n="Disabled";e={($_.enabled)}},
@{n="First Name";e={($_.GivenName)}},
@{n="Last Name";e={($_.sn)}},
@{n="EmailAddress";e={($_.mail).ToLower()}}

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

In Outputfile

First Name
Al?xandre

correct  : Aléxandre

Do you have the Active Directory Powershell installed on the computer you are running this from?

yes I have

You call have two ,, for the $DNARRAY
here is an adjusted script

Import-Module ActiveDirectory
 $DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
 $users = $null
 Foreach ($dn in $dnarray)
 {

 $users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
 @{n="Disabled";e={($_.enabled)}},
 @{n="First Name";e={($_.GivenName)}},
 @{n="Last Name";e={($_.sn)}},
 @{n="EmailAddress";e={($_.mail).ToLower()}} 

 $users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

 } 

Select allOpen in new window

yes I corrected before

What is your Output result?

my output file is ok but just it converted the é or ç or à or other waracter with accent to this symbol  ?

What language is your DC's set at ?

the problem isn't my DCs because when I use a vbscript I don't have a problem for accent

do you have any idea ?

please

So you do have none English characters.

I don't have the frensh characters.

Add the -Encoding UTF8 to the end of the Export-csv cmdlet

Import-Module ActiveDirectory
 $DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
 $users = $null
 Foreach ($dn in $dnarray)
 {

 $users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
 @{n="Disabled";e={($_.enabled)}},
 @{n="First Name";e={($_.GivenName)}},
 @{n="Last Name";e={($_.sn)}},
 @{n="EmailAddress";e={($_.mail).ToLower()}} 

 $users |Export-Csv -Path '.\AD.csv' -NoTypeInformation   -Encoding UTF8 -force  

 } 

Select allOpen in new window

very good thx;

Please, Can you explain me how I can change the separator between attribute in the output file from , to ;

yo_bee
please do you have any suggestions to change the separator ?

add -delimiter ';'  inline with the export-csv  

Import-Module ActiveDirectory
 $DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
 $users = $null
 Foreach ($dn in $dnarray)
 {

 $users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
 @{n="Disabled";e={($_.enabled)}},
 @{n="First Name";e={($_.GivenName)}},
 @{n="Last Name";e={($_.sn)}},
 @{n="EmailAddress";e={($_.mail).ToLower()}} 

 $users |Export-Csv -Path '.\AD.csv' -NoTypeInformation  -Delimiter ';' -Encoding UTF8 -force  

 } 

Select allOpen in new window

yo_bee
When I run the script, I obtain the following message

 Editing the execution strategy
The execution strategy can protect you against scripts that you consider unreliable. By modifying the
execution strategy, you expose yourself to the security risks described in the Help topic
about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the strategy
execution?
[O] Yes [T] Yes for all [N] No [U] No for all [S] Suspend [?] Help (default is "N"):

Select allOpen in new window

Since you are running a script that is not signed you will get this message unless you change the policy to unrestricted.

The url in the message explains it all.

can you add the command in the script ? and hide the message?

yo_bee
please do you have any suggestions to change the code?
Thx

No.  This is something that you need to set for your computer's Powershell environment.
You have a few option and one of them is to set to unrestricted
I have never put this in a script before.
This is what I did and then the setting is always what you just set.

Set-ExecutionPolicy unrestricted 

Select allOpen in new window

Your other option is to sign it.
Here is a nice how to: https://www.darkoperator.com/blog/2013/3/5/powershell-basics-execution-policy-part-1.html

I want to use :
Set-ExecutionPolicy bypass

what happens when you set that

in windows 10 : error message to modify the registry key
in Windows 2008 R2 nothing

If you run Powershell with elevated permission are you able to set it on the windows 10 machine and run your script?

yes it's ok when I run with admin account

So what's the issue then.  This seems like it would be an admin task to run anyway.

great thx

Sorry I was not able to give you better info, but this is how Powershell works.

Since this is closed others really do not pay much attention. I would recommend posting a follow up question with this script and see what others say.